Commit bd4474d

Merge branch 'vector-search' of https://github.com/markjbrown/azure-docs-pr into vector-search
2 parents cfb4792 + a66bfd5 commit bd4474d

103 files changed, +844 -2096 lines changed

articles/active-directory/app-provisioning/user-provisioning.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -70,7 +70,7 @@ Some common motivations for using automatic provisioning include:
7070
- Easily importing a large number of users into a particular SaaS application or system.
7171
- A single set of policies to determine provisioned users that can sign in to an app.
7272

73-
Azure AD user provisioning can help address these challenges. To learn more about how customers have been using Azure AD user provisioning, read the [ASOS case study](https://aka.ms/asoscasestudy). The following video provides an overview of user provisioning in Azure AD.
73+
Azure AD user provisioning can help address these challenges. To learn more about how customers have been using Azure AD user provisioning, read the [ASOS case study](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/asos-better-protects-its-data-with-azure-ad-automated-user/ba-p/827846). The following video provides an overview of user provisioning in Azure AD.
7474

7575
> [!VIDEO https://www.youtube.com/embed/_ZjARPpI6NI]
7676
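Review bot: On the changed line 73 the sentence still says "Azure AD user provisioning" twice and "user provisioning in Azure AD" once, while the other files in this commit replace Azure AD with Microsoft Entra naming. If this file is in scope for the rename, update the product name in the same edit so the line is not touched twice; if it is deliberately out of scope, say so in the commit message. The swap from the aka.ms short link to the full techcommunity.microsoft.com URL should also be confirmed to resolve before merging.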

articles/active-directory/includes/automatic-redemption-include.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ The following table shows how this setting compares when enabled for these scena
3434
| Users must accept a [consent prompt](../external-identities/redemption-experience.md#consent-experience-for-the-guest) | No | No | No |
3535
| Users receive a [B2B collaboration notification email](../external-identities/redemption-experience.md#automatic-redemption-process-setting) | No | Yes | N/A |
3636

37-
This setting doesn't impact application consent experiences. For more information, see [Consent experience for applications in Azure Active Directory](../develop/application-consent-experience.md). This setting isn't supported for organizations across different Microsoft cloud environments, such as Azure commercial and Azure Government.
37+
This setting doesn't impact application consent experiences. For more information, see [Consent experience for applications in Microsoft Entra ID](../develop/application-consent-experience.md). This setting isn't supported for organizations across different Microsoft cloud environments, such as Azure commercial and Azure Government.
3838

3939
#### When is consent prompt suppressed?
4040

articles/active-directory/includes/cross-tenant-synchronization-include.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,6 @@ ms.author: rolyon
1111
ms.custom: include file
1212
---
1313

14-
The cross-tenant synchronization setting is an inbound only organizational setting to allow the administrator of a source tenant to synchronize users into a target tenant. This setting is a check box with the name **Allow users sync into this tenant** that is specified in the target tenant. This setting doesn't impact B2B invitations created through other processes such as [manual invitation](../external-identities/add-users-administrator.md) or [Azure AD entitlement management](../governance/entitlement-management-external-users.md).
14+
The cross-tenant synchronization setting is an inbound only organizational setting to allow the administrator of a source tenant to synchronize users into a target tenant. This setting is a check box with the name **Allow users sync into this tenant** that is specified in the target tenant. This setting doesn't impact B2B invitations created through other processes such as [manual invitation](../external-identities/add-users-administrator.md) or [Microsoft Entra entitlement management](../governance/entitlement-management-external-users.md).
1515

1616
:::image type="content" source="../media/external-identities/access-settings-users-sync.png" alt-text="Screenshot that shows the Cross-tenant sync tab with the Allow users sync into this tenant check box." lightbox="../media/external-identities/access-settings-users-sync.png":::
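Review bot: On line 14, "inbound only" is a compound modifier in front of "organizational setting" and should be hyphenated ("inbound-only"). The sentence "This setting is a check box with the name **Allow users sync into this tenant** that is specified in the target tenant" would also read more clearly as two statements: first where the setting is configured, then what the check box is called.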

articles/active-directory/includes/pim-for-groups-include.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,4 @@ ms.custom: include file
1212
---
1313

1414
>[!Note]
15-
> For groups used for elevating into Azure AD roles, we recommend that you require an approval process for eligible member assignments. Assignments that can be activated without approval can leave you vulnerable to a security risk from less-privileged administrators. For example, the Helpdesk Administrator has permission to reset an eligible user's passwords.
15+
> For groups used for elevating into Microsoft Entra roles, we recommend that you require an approval process for eligible member assignments. Assignments that can be activated without approval can leave you vulnerable to a security risk from less-privileged administrators. For example, the Helpdesk Administrator has permission to reset an eligible user's passwords.
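Review bot: On line 15 the example stops at "has permission to reset an eligible user's passwords" without saying why that matters for an assignment that needs no approval. Consider finishing the thought, for instance that an administrator who can reset the eligible user's password could then sign in as that user and activate the assignment, which is what the approval requirement is meant to prevent. Also, "user's passwords" should be singular ("user's password").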

articles/active-directory/includes/user-type-workload-limitations-include.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,5 +14,5 @@ ms.custom: include file
1414
| App or service | Limitations |
1515
| --- | --- |
1616
| Microsoft Teams | - Converting an external guest into an external member or converting an external member into an external guest isn't currently supported by Teams. For more information, see [Guest access in Microsoft Teams](/microsoftteams/guest-access). |
17-
| Power BI | - Support for UserType Member in Power BI is currently in preview. For more information, see [Distribute Power BI content to external guest users with Azure AD B2B](/power-bi/enterprise/service-admin-azure-ad-b2b#who-can-you-invite). |
17+
| Power BI | - Support for UserType Member in Power BI is currently in preview. For more information, see [Distribute Power BI content to external guest users with Microsoft Entra B2B](/power-bi/enterprise/service-admin-azure-ad-b2b#who-can-you-invite). |
1818
| Azure Virtual Desktop | - External member and external guest aren't supported in Azure Virtual Desktop. |
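Review bot: On line 17 the link text becomes "Distribute Power BI content to external guest users with Microsoft Entra B2B", but the target is still /power-bi/enterprise/service-admin-azure-ad-b2b. Check that the Power BI article's own title has been renamed as well, so the link text matches the page a reader lands on; otherwise keep the old title here until it has.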

articles/active-directory/managed-identities-azure-resources/tutorial-vm-windows-access-storage.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ This tutorial shows you how to use a system-assigned managed identity for a Wind
3030
> * Get an access and use it to call Azure Storage
3131
3232
> [!NOTE]
33-
> Azure Active Directory authentication for Azure Storage is in public preview.
33+
> Microsoft Entra authentication for Azure Storage is in public preview.
3434
3535
## Prerequisites
3636
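Review bot: The NOTE on line 33 is renamed but still states that this authentication "is in public preview"; a rename pass is a good moment to confirm that status is current rather than carrying it forward unchecked. Separately, context line 30 reads "Get an access and use it to call Azure Storage", which is missing the word "token".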

@@ -96,7 +96,7 @@ This section shows how to grant your VM access to an Azure Storage container. Yo
9696

9797
## Access data 
9898

99-
Azure Storage natively supports Azure AD authentication, so it can directly accept access tokens obtained using a managed identity. This approach uses Azure Storage's integration with Azure AD, and is different from supplying credentials on the connection string.
99+
Azure Storage natively supports Microsoft Entra authentication, so it can directly accept access tokens obtained using a managed identity. This approach uses Azure Storage's integration with Microsoft Entra ID, and is different from supplying credentials on the connection string.
100100

101101
Here's a .NET code example of opening a connection to Azure Storage. The example uses an access token and then reads the contents of the file you created earlier. This code must run on the VM to be able to access the VM's managed identity endpoint. .NET Framework 4.6 or higher is required to use the access token method. Replace the value of `<URI to blob file>` accordingly. You can obtain this value by navigating to file you created and uploaded to blob storage and copying the **URL** under **Properties** the **Overview** page.
102102
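Review bot: Context line 101, directly below the changed line 99, has two grammar slips worth fixing while this section is open: "navigating to file you created" is missing "the", and "copying the **URL** under **Properties** the **Overview** page" is missing a preposition such as "on". The rename on line 99 itself reads correctly.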

@@ -184,4 +184,4 @@ The response contains the contents of the file:
184184
In this tutorial, you learned how enable a Windows VM's system-assigned identity to access Azure Storage. To learn more about Azure Storage, see:
185185

186186
> [!div class="nextstepaction"]
187-
> [Azure Storage](../../storage/common/storage-introduction.md)
187+
> [Azure Storage](../../storage/common/storage-introduction.md)
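Review bot: The removed and added versions of line 187 are identical as rendered, so this is a whitespace-only or end-of-file newline change; confirm it is intentional, since it adds noise to a rename commit. In context line 184, "you learned how enable" should be "you learned how to enable".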

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management
2121

2222
[!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
2323

24-
This tutorial shows you how to access the Azure Resource Manager API using a Windows virtual machine with system-assigned managed identity enabled. Managed identities for Azure resources are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication without needing to insert credentials into your code. You learn how to:
24+
This tutorial shows you how to access the Azure Resource Manager API using a Windows virtual machine with system-assigned managed identity enabled. Managed identities for Azure resources are automatically managed by Azure and enable you to authenticate to services that support Microsoft Entra authentication without needing to insert credentials into your code. You learn how to:
2525

2626
> [!div class="checklist"]
2727
> * Grant your VM access to a Resource Group in Azure Resource Manager
@@ -43,7 +43,7 @@ This tutorial shows you how to access the Azure Resource Manager API using a Win
4343

4444
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
4545

46-
Using managed identities for Azure resources, your application can get access tokens to authenticate to resources that support Azure AD authentication. The Azure Resource Manager API supports Azure AD authentication. We grant this VM's identity access to a resource in Azure Resource Manager, in this case a Resource Group. We assign the [Reader](../../role-based-access-control/built-in-roles.md#reader) role to the managed-identity at the scope of the resource group.
46+
Using managed identities for Azure resources, your application can get access tokens to authenticate to resources that support Microsoft Entra authentication. The Azure Resource Manager API supports Microsoft Entra authentication. We grant this VM's identity access to a resource in Azure Resource Manager, in this case a Resource Group. We assign the [Reader](../../role-based-access-control/built-in-roles.md#reader) role to the managed-identity at the scope of the resource group.
4747

4848
1. Sign in to the [Azure portal](https://portal.azure.com) with your administrator account.
4949
1. Navigate to the tab for **Resource Groups**.
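Review bot: On line 46, "managed-identity" is hyphenated in "role to the managed-identity at the scope of the resource group", while the same paragraph opens with "managed identities"; use "managed identity" without the hyphen. It would also help to say explicitly that Reader at resource-group scope is all this tutorial needs, so readers do not copy the assignment with a broader role or scope.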
@@ -70,7 +70,7 @@ You'll need to use **PowerShell** in this portion. If you don’t have **PowerS
7070
```
7171
7272
> [!NOTE]
73-
> The value of the "resource" parameter must be an exact match for what is expected by Azure AD. When using the Azure Resource Manager resource ID, you must include the trailing slash on the URI.
73+
> The value of the "resource" parameter must be an exact match for what is expected by Microsoft Entra ID. When using the Azure Resource Manager resource ID, you must include the trailing slash on the URI.
7474
7575
Next, extract the full response, which is stored as a JavaScript Object Notation (JSON) formatted string in the $response object.
7676
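Review bot: In the NOTE on line 73, "resource" is set in plain double quotes, and context line 75 mentions $response as bare text; both are literal identifiers and should be in backticks so they render as code. Because the note says the value must be an exact match including the trailing slash, consider quoting the exact URI in the note itself rather than leaving the reader to infer it from the code block above.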

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-cosmos-db.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ Next, add a data collection in the Azure Cosmos DB account that you can query in
6161

6262
## Grant access
6363

64-
This section shows how to grant Windows VM system-assigned managed identity access to the Azure Cosmos DB account access keys. Azure Cosmos DB does not natively support Azure AD authentication. However, you can use a system-assigned managed identity to retrieve an Azure Cosmos DB access key from Resource Manager, and use the key to access Azure Cosmos DB. In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Azure Cosmos DB account.
64+
This section shows how to grant Windows VM system-assigned managed identity access to the Azure Cosmos DB account access keys. Azure Cosmos DB does not natively support Microsoft Entra authentication. However, you can use a system-assigned managed identity to retrieve an Azure Cosmos DB access key from Resource Manager, and use the key to access Azure Cosmos DB. In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Azure Cosmos DB account.
6565

6666
To grant the Windows VM system-assigned managed identity access to the Azure Cosmos DB account in Azure Resource Manager using PowerShell, update the following values:
6767
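Review bot: Line 64 states the grant twice: the paragraph opens with "This section shows how to grant Windows VM system-assigned managed identity access to the Azure Cosmos DB account access keys" and closes with "In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Azure Cosmos DB account". One of the two can go. The middle sentence, "Azure Cosmos DB does not natively support Microsoft Entra authentication", is a product claim that the rename re-asserts under the new name, so please confirm it is still accurate before merging.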

@@ -97,7 +97,7 @@ You need to install the latest version of [Azure CLI](/cli/azure/install-azure-c
9797
```
9898

9999
> [!NOTE]
100-
> The value of the "resource" parameter must be an exact match for what is expected by Azure AD. When using the Azure Resource Manager resource ID, you must include the trailing slash on the URI.
100+
> The value of the "resource" parameter must be an exact match for what is expected by Microsoft Entra ID. When using the Azure Resource Manager resource ID, you must include the trailing slash on the URI.
101101
102102
Next, extract the "Content" element, which is stored as a JavaScript Object Notation (JSON) formatted string in the $response object.
103103
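Review bot: The NOTE on line 100 is word for word the same as the one changed at line 73 of tutorial-windows-vm-access-arm.md in this commit. Text duplicated across tutorials has to be renamed in every copy, as this commit shows; consider moving it into a shared include alongside the other files under articles/active-directory/includes/ so the next terminology change is made once.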

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-datalake.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management
2121

2222
[!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
2323

24-
This tutorial shows you how to use a system-assigned managed identity for a Windows virtual machine (VM) to access an Azure Data Lake Store. Managed identities are automatically managed by Azure. They enable your application to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code.
24+
This tutorial shows you how to use a system-assigned managed identity for a Windows virtual machine (VM) to access an Azure Data Lake Store. Managed identities are automatically managed by Azure. They enable your application to authenticate to services that support Microsoft Entra authentication, without needing to insert credentials into your code.
2525

2626
In this article you learn how to:
2727

@@ -68,7 +68,7 @@ Your VM's system-assigned managed identity can now perform all operations on fil
6868

6969
## Access data
7070

71-
Azure Data Lake Store natively supports Azure AD authentication, so it can directly accept access tokens obtained using managed identities for Azure resources. To authenticate to the Data Lake Store filesystem, you send an access token issued by Azure AD to your Data Lake Store filesystem endpoint in an Authorization header. The header has the format "Bearer <ACCESS_TOKEN_VALUE>". To learn more about Data Lake Store support for Azure AD authentication, read [Authentication with Data Lake Store using Azure Active Directory](../../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)
71+
Azure Data Lake Store natively supports Microsoft Entra authentication, so it can directly accept access tokens obtained using managed identities for Azure resources. To authenticate to the Data Lake Store filesystem, you send an access token issued by Microsoft Entra ID to your Data Lake Store filesystem endpoint in an Authorization header. The header has the format "Bearer <ACCESS_TOKEN_VALUE>". To learn more about Data Lake Store support for Microsoft Entra authentication, read [Authentication with Data Lake Store using Microsoft Entra ID](../../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)
7272

7373
> [!NOTE]
7474
> The Data Lake Store filesystem client SDKs do not yet support managed identities for Azure resources. This tutorial will be updated when support is added to the SDK.
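Review bot: On line 71 the header format is written as "Bearer <ACCESS_TOKEN_VALUE>" in plain quotes; put it in backticks so the angle-bracket placeholder is not parsed as an HTML tag and dropped from the rendered page. The same line ends at the closing parenthesis of the link with no full stop, and the new link text "Authentication with Data Lake Store using Microsoft Entra ID" should be checked against the actual title of the target article, whose file name still ends in using-azure-active-directory.md.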
@@ -195,4 +195,4 @@ Using other Data Lake Store filesystem APIs you can append to files, download fi
195195
In this tutorial, you learned how to use a system-assigned managed identity for a Windows virtual machine to access an Azure Data Lake Store. To learn more about Azure Data Lake Store, see:
196196

197197
> [!div class="nextstepaction"]
198-
>[Azure Data Lake Store](../../data-lake-store/data-lake-store-overview.md)
198+
>[Azure Data Lake Store](../../data-lake-store/data-lake-store-overview.md)
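Review bot: Line 198 is shown as removed and re-added with identical text, so the change is whitespace-only. Since the line is being touched anyway, add the space after the quote marker (">[Azure Data Lake Store]" becomes "> [Azure Data Lake Store]") to match the "> [!div class="nextstepaction"]" line above it.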

articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ ms.collection: M365-identity-device-management
2121

2222
[!INCLUDE [preview-notice](../../../includes/active-directory-msi-preview-notice.md)]
2323

24-
This tutorial shows you how a Windows virtual machine (VM) can use a system-assigned managed identity to access [Azure Key Vault](../../key-vault/general/overview.md). Key Vault makes it possible for your client application to use a secret to access resources not secured by Azure Active Directory (Azure AD). Managed identities are automatically managed by Azure. They enable you to authenticate to services that support Azure AD authentication, without including authentication information in your code.
24+
This tutorial shows you how a Windows virtual machine (VM) can use a system-assigned managed identity to access [Azure Key Vault](../../key-vault/general/overview.md). Key Vault makes it possible for your client application to use a secret to access resources not secured by Microsoft Entra ID. Managed identities are automatically managed by Azure. They enable you to authenticate to services that support Microsoft Entra authentication, without including authentication information in your code.
2525

2626
You learn how to:
2727

@@ -41,7 +41,7 @@ You learn how to:
4141

4242
[!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
4343

44-
This section shows how to grant your VM access to a secret stored in a Key Vault. When you use managed identities for Azure resources, your code can get access tokens to authenticate to resources that support Azure AD authentication.  However, not all Azure services support Azure AD authentication. To use managed identities for Azure resources with those services, store the service credentials in Azure Key Vault, and use the VM's managed identity to access Key Vault to retrieve the credentials.
44+
This section shows how to grant your VM access to a secret stored in a Key Vault. When you use managed identities for Azure resources, your code can get access tokens to authenticate to resources that support Microsoft Entra authentication.  However, not all Azure services support Microsoft Entra authentication. To use managed identities for Azure resources with those services, store the service credentials in Azure Key Vault, and use the VM's managed identity to access Key Vault to retrieve the credentials.
4545

4646
First, we need to create a Key Vault and grant our VM’s system-assigned managed identity access to the Key Vault.
4747
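Review bot: Line 44 keeps a double space after the second sentence ("authentication.  However"), carried over unchanged from the removed line; collapse it to one while this line is being edited. Context line 46 also uses a curly apostrophe in "VM’s" where the changed line uses a straight one in "VM's"; pick one form for the section.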
